exploitDog

CVE-2022-3920

Published: 15 Nov 2022
Source: redhat
CVSS3: 7.5

Description

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.

A flaw was found in the Consul Package. Affected versions of this package are vulnerable to information exposure via the /v1/internal/ui/nodes and /v1/internal/ui/services endpoints for cluster peering, which expose node and service information to unauthenticated attackers.

Report

The peering feature was introduced in Consul 1.13.0 as a beta feature. Red Hat products don't ship the affected versions of the Consul Package.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/acm-grafana-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/cluster-curator-controller-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/managedcluster-import-controller-rhel8 | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-grafana | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/topology-aware-lifecycle-manager-rhel8-operator | Not affected | | |
| Red Hat Openshift Data Foundation 4 | odf4/odf-multicluster-rhel9-operator | Not affected | | |
| Red Hat Openshift Data Foundation 4 | odf4/odr-rhel8-operator | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-862
https://bugzilla.redhat.com/show_bug.cgi?id=2148169 consul: Consul Cluster Peering Leaks Imported Nodes/Services Information

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 5.3
ubuntu
almost 3 years ago

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.

CVSS3: 5.3
nvd
almost 3 years ago

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.

CVSS3: 5.3
debian
almost 3 years ago

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filt ...

CVSS3: 7.5
github
almost 3 years ago

Missing Authorization in HashiCorp Consul

CVSS3: 7.5
fstec
almost 3 years ago

A vulnerability in the Consul and Consul Enterprise service configuration tool, related to information disclosure, that allows an attacker to gain access to potentially confidential information
